Safe Online Developer Tools
Online developer tools are convenient, but convenience should not override data safety. Before using any formatter, decoder or converter, decide whether the text is safe to place in a browser tab at all.
Do Not Paste Secrets
Avoid pasting production credentials, private keys, signing secrets, database passwords, customer records, access tokens, refresh tokens or regulated personal data. A safer debugging sample keeps the same shape as the real payload while replacing sensitive values with placeholders.
{
"customerId": "sample-customer",
"accessToken": "REDACTED",
"email": "user@example.test"
}Prefer Local-First Tools
Formalint's current tools run client-side in the browser. That means the static page uses JavaScript to format or inspect text rather than sending the pasted input to a Formalint backend. This reduces risk, but it does not remove your responsibility to avoid sensitive data exposure.
Make A Sanitized Sample
When debugging, preserve field names, nesting and data types. Replace names, emails, tokens, identifiers and financial data. If the original value is a string, use a harmless string. If it is a number, use a fake number. This keeps the bug reproducible without carrying real data.
Review Browser Extensions And Sharing
Even local-first pages can be affected by browser extensions, shared screens and clipboard history. Use a clean browser profile for sensitive work and avoid sharing screenshots that include tokens, hostnames or internal customer references.
A good rule: if you would not post the value in a public issue, do not paste it into a general web utility.
Use Formalint
Start with the Formalint tools directory, read the privacy policy, or contact the project through the contact page.